The sandbox security model typically refers to the type of files that Java
applets have access to. The sandbox can be viewed as the restrictions of
the program and is constructed by the applet security model. The applet
security model reduces to:"Trust Nothing". In essence, applets are limited
to "playing" in the sandbox where they live - the server that holds applet's
files. This amounts to no access to local files on the users' machines or
on other servers.

There are ways to expand the sandbox - trusted applets are a good example.
If a user trusts an applet, she can allow the applet access to local files.